search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fkvm_get_regs: missing break in switch statement
[freebsd-src/fkvm-freebsd.git] / sys / kern / uipc_usrreq.c
blobacbd169557a0de77392e6a8dbba9eced1391620e
1 /*-
2 * Copyright (c) 1982, 1986, 1989, 1991, 1993
3 * The Regents of the University of California.
4 * Copyright (c) 2004-2007 Robert N. M. Watson
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 4. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * From: @(#)uipc_usrreq.c 8.3 (Berkeley) 1/4/94
32 */
33
34 /*
35 * UNIX Domain (Local) Sockets
36 *
37 * This is an implementation of UNIX (local) domain sockets. Each socket has
38 * an associated struct unpcb (UNIX protocol control block). Stream sockets
39 * may be connected to 0 or 1 other socket. Datagram sockets may be
40 * connected to 0, 1, or many other sockets. Sockets may be created and
41 * connected in pairs (socketpair(2)), or bound/connected to using the file
42 * system name space. For most purposes, only the receive socket buffer is
43 * used, as sending on one socket delivers directly to the receive socket
44 * buffer of a second socket.
45 *
46 * The implementation is substantially complicated by the fact that
47 * "ancillary data", such as file descriptors or credentials, may be passed
48 * across UNIX domain sockets. The potential for passing UNIX domain sockets
49 * over other UNIX domain sockets requires the implementation of a simple
50 * garbage collector to find and tear down cycles of disconnected sockets.
51 *
52 * TODO:
53 * SEQPACKET, RDM
54 * rethink name space problems
55 * need a proper out-of-band
56 */
57
58 #include <sys/cdefs.h>
59 __FBSDID("$FreeBSD$");
60
61 #include "opt_ddb.h"
62 #include "opt_mac.h"
63
64 #include <sys/param.h>
65 #include <sys/domain.h>
66 #include <sys/fcntl.h>
67 #include <sys/malloc.h> /* XXX must be before <sys/file.h> */
68 #include <sys/eventhandler.h>
69 #include <sys/file.h>
70 #include <sys/filedesc.h>
71 #include <sys/jail.h>
72 #include <sys/kernel.h>
73 #include <sys/lock.h>
74 #include <sys/mbuf.h>
75 #include <sys/mount.h>
76 #include <sys/mutex.h>
77 #include <sys/namei.h>
78 #include <sys/proc.h>
79 #include <sys/protosw.h>
80 #include <sys/resourcevar.h>
81 #include <sys/rwlock.h>
82 #include <sys/socket.h>
83 #include <sys/socketvar.h>
84 #include <sys/signalvar.h>
85 #include <sys/stat.h>
86 #include <sys/sx.h>
87 #include <sys/sysctl.h>
88 #include <sys/systm.h>
89 #include <sys/taskqueue.h>
90 #include <sys/un.h>
91 #include <sys/unpcb.h>
92 #include <sys/vnode.h>
93
94 #ifdef DDB
95 #include <ddb/ddb.h>
96 #endif
97
98 #include <security/mac/mac_framework.h>
99
100 #include <vm/uma.h>
101
102 static uma_zone_t unp_zone;
103 static unp_gen_t unp_gencnt;
104 static u_int unp_count; /* Count of local sockets. */
105 static ino_t unp_ino; /* Prototype for fake inode numbers. */
106 static int unp_rights; /* File descriptors in flight. */
107 static struct unp_head unp_shead; /* List of local stream sockets. */
108 static struct unp_head unp_dhead; /* List of local datagram sockets. */
109
110 static const struct sockaddr sun_noname = { sizeof(sun_noname), AF_LOCAL };
111
112 /*
113 * Garbage collection of cyclic file descriptor/socket references occurs
114 * asynchronously in a taskqueue context in order to avoid recursion and
115 * reentrance in the UNIX domain socket, file descriptor, and socket layer
116 * code. See unp_gc() for a full description.
117 */
118 static struct task unp_gc_task;
119
120 /*
121 * Both send and receive buffers are allocated PIPSIZ bytes of buffering for
122 * stream sockets, although the total for sender and receiver is actually
123 * only PIPSIZ.
124 *
125 * Datagram sockets really use the sendspace as the maximum datagram size,
126 * and don't really want to reserve the sendspace. Their recvspace should be
127 * large enough for at least one max-size datagram plus address.
128 */
129 #ifndef PIPSIZ
130 #define PIPSIZ 8192
131 #endif
132 static u_long unpst_sendspace = PIPSIZ;
133 static u_long unpst_recvspace = PIPSIZ;
134 static u_long unpdg_sendspace = 2*1024; /* really max datagram size */
135 static u_long unpdg_recvspace = 4*1024;
136
137 SYSCTL_NODE(_net, PF_LOCAL, local, CTLFLAG_RW, 0, "Local domain");
138 SYSCTL_NODE(_net_local, SOCK_STREAM, stream, CTLFLAG_RW, 0, "SOCK_STREAM");
139 SYSCTL_NODE(_net_local, SOCK_DGRAM, dgram, CTLFLAG_RW, 0, "SOCK_DGRAM");
140
141 SYSCTL_ULONG(_net_local_stream, OID_AUTO, sendspace, CTLFLAG_RW,
142 &unpst_sendspace, 0, "Default stream send space.");
143 SYSCTL_ULONG(_net_local_stream, OID_AUTO, recvspace, CTLFLAG_RW,
144 &unpst_recvspace, 0, "Default stream receive space.");
145 SYSCTL_ULONG(_net_local_dgram, OID_AUTO, maxdgram, CTLFLAG_RW,
146 &unpdg_sendspace, 0, "Default datagram send space.");
147 SYSCTL_ULONG(_net_local_dgram, OID_AUTO, recvspace, CTLFLAG_RW,
148 &unpdg_recvspace, 0, "Default datagram receive space.");
149 SYSCTL_INT(_net_local, OID_AUTO, inflight, CTLFLAG_RD, &unp_rights, 0,
150 "File descriptors in flight.");
151
152 /*-
153 * Locking and synchronization:
154 *
155 * The global UNIX domain socket rwlock (unp_global_rwlock) protects all
156 * global variables, including the linked lists tracking the set of allocated
157 * UNIX domain sockets. The global rwlock also serves to prevent deadlock
158 * when more than one PCB lock is acquired at a time (i.e., during
159 * connect()). Finally, the global rwlock protects uncounted references from
160 * vnodes to sockets bound to those vnodes: to safely dereference the
161 * v_socket pointer, the global rwlock must be held while a full reference is
162 * acquired.
163 *
164 * UNIX domain sockets each have an unpcb hung off of their so_pcb pointer,
165 * allocated in pru_attach() and freed in pru_detach(). The validity of that
166 * pointer is an invariant, so no lock is required to dereference the so_pcb
167 * pointer if a valid socket reference is held by the caller. In practice,
168 * this is always true during operations performed on a socket. Each unpcb
169 * has a back-pointer to its socket, unp_socket, which will be stable under
170 * the same circumstances.
171 *
172 * This pointer may only be safely dereferenced as long as a valid reference
173 * to the unpcb is held. Typically, this reference will be from the socket,
174 * or from another unpcb when the referring unpcb's lock is held (in order
175 * that the reference not be invalidated during use). For example, to follow
176 * unp->unp_conn->unp_socket, you need unlock the lock on unp, not unp_conn,
177 * as unp_socket remains valid as long as the reference to unp_conn is valid.
178 *
179 * Fields of unpcbss are locked using a per-unpcb lock, unp_mtx. Individual
180 * atomic reads without the lock may be performed "lockless", but more
181 * complex reads and read-modify-writes require the mutex to be held. No
182 * lock order is defined between unpcb locks -- multiple unpcb locks may be
183 * acquired at the same time only when holding the global UNIX domain socket
184 * rwlock exclusively, which prevents deadlocks.
185 *
186 * Blocking with UNIX domain sockets is a tricky issue: unlike most network
187 * protocols, bind() is a non-atomic operation, and connect() requires
188 * potential sleeping in the protocol, due to potentially waiting on local or
189 * distributed file systems. We try to separate "lookup" operations, which
190 * may sleep, and the IPC operations themselves, which typically can occur
191 * with relative atomicity as locks can be held over the entire operation.
192 *
193 * Another tricky issue is simultaneous multi-threaded or multi-process
194 * access to a single UNIX domain socket. These are handled by the flags
195 * UNP_CONNECTING and UNP_BINDING, which prevent concurrent connecting or
196 * binding, both of which involve dropping UNIX domain socket locks in order
197 * to perform namei() and other file system operations.
198 */
199 static struct rwlock unp_global_rwlock;
200
201 #define UNP_GLOBAL_LOCK_INIT() rw_init(&unp_global_rwlock, \
202 "unp_global_rwlock")
203
204 #define UNP_GLOBAL_LOCK_ASSERT() rw_assert(&unp_global_rwlock, \
205 RA_LOCKED)
206 #define UNP_GLOBAL_UNLOCK_ASSERT() rw_assert(&unp_global_rwlock, \
207 RA_UNLOCKED)
208
209 #define UNP_GLOBAL_WLOCK() rw_wlock(&unp_global_rwlock)
210 #define UNP_GLOBAL_WUNLOCK() rw_wunlock(&unp_global_rwlock)
211 #define UNP_GLOBAL_WLOCK_ASSERT() rw_assert(&unp_global_rwlock, \
212 RA_WLOCKED)
213 #define UNP_GLOBAL_WOWNED() rw_wowned(&unp_global_rwlock)
214
215 #define UNP_GLOBAL_RLOCK() rw_rlock(&unp_global_rwlock)
216 #define UNP_GLOBAL_RUNLOCK() rw_runlock(&unp_global_rwlock)
217 #define UNP_GLOBAL_RLOCK_ASSERT() rw_assert(&unp_global_rwlock, \
218 RA_RLOCKED)
219
220 #define UNP_PCB_LOCK_INIT(unp) mtx_init(&(unp)->unp_mtx, \
221 "unp_mtx", "unp_mtx", \
222 MTX_DUPOK|MTX_DEF|MTX_RECURSE)
223 #define UNP_PCB_LOCK_DESTROY(unp) mtx_destroy(&(unp)->unp_mtx)
224 #define UNP_PCB_LOCK(unp) mtx_lock(&(unp)->unp_mtx)
225 #define UNP_PCB_UNLOCK(unp) mtx_unlock(&(unp)->unp_mtx)
226 #define UNP_PCB_LOCK_ASSERT(unp) mtx_assert(&(unp)->unp_mtx, MA_OWNED)
227
228 static int unp_connect(struct socket *, struct sockaddr *,
229 struct thread *);
230 static int unp_connect2(struct socket *so, struct socket *so2, int);
231 static void unp_disconnect(struct unpcb *unp, struct unpcb *unp2);
232 static void unp_shutdown(struct unpcb *);
233 static void unp_drop(struct unpcb *, int);
234 static void unp_gc(__unused void *, int);
235 static void unp_scan(struct mbuf *, void (*)(struct file *));
236 static void unp_discard(struct file *);
237 static void unp_freerights(struct file **, int);
238 static int unp_internalize(struct mbuf **, struct thread *);
239 static void unp_internalize_fp(struct file *);
240 static void unp_externalize_fp(struct file *);
241 static struct mbuf *unp_addsockcred(struct thread *, struct mbuf *);
242
243 /*
244 * Definitions of protocols supported in the LOCAL domain.
245 */
246 static struct domain localdomain;
247 static struct protosw localsw[] = {
248 {
249 .pr_type = SOCK_STREAM,
250 .pr_domain = &localdomain,
251 .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD|PR_RIGHTS,
252 .pr_ctloutput = &uipc_ctloutput,
253 .pr_usrreqs = &uipc_usrreqs
254 },
255 {
256 .pr_type = SOCK_DGRAM,
257 .pr_domain = &localdomain,
258 .pr_flags = PR_ATOMIC|PR_ADDR|PR_RIGHTS,
259 .pr_usrreqs = &uipc_usrreqs
260 },
261 };
262
263 static struct domain localdomain = {
264 .dom_family = AF_LOCAL,
265 .dom_name = "local",
266 .dom_init = unp_init,
267 .dom_externalize = unp_externalize,
268 .dom_dispose = unp_dispose,
269 .dom_protosw = localsw,
270 .dom_protoswNPROTOSW = &localsw[sizeof(localsw)/sizeof(localsw[0])]
271 };
272 DOMAIN_SET(local);
273
274 static void
275 uipc_abort(struct socket *so)
276 {
277 struct unpcb *unp, *unp2;
278
279 unp = sotounpcb(so);
280 KASSERT(unp != NULL, ("uipc_abort: unp == NULL"));
281
282 UNP_GLOBAL_WLOCK();
283 UNP_PCB_LOCK(unp);
284 unp2 = unp->unp_conn;
285 if (unp2 != NULL) {
286 UNP_PCB_LOCK(unp2);
287 unp_drop(unp2, ECONNABORTED);
288 UNP_PCB_UNLOCK(unp2);
289 }
290 UNP_PCB_UNLOCK(unp);
291 UNP_GLOBAL_WUNLOCK();
292 }
293
294 static int
295 uipc_accept(struct socket *so, struct sockaddr **nam)
296 {
297 struct unpcb *unp, *unp2;
298 const struct sockaddr *sa;
299
300 /*
301 * Pass back name of connected socket, if it was bound and we are
302 * still connected (our peer may have closed already!).
303 */
304 unp = sotounpcb(so);
305 KASSERT(unp != NULL, ("uipc_accept: unp == NULL"));
306
307 *nam = malloc(sizeof(struct sockaddr_un), M_SONAME, M_WAITOK);
308 UNP_GLOBAL_RLOCK();
309 unp2 = unp->unp_conn;
310 if (unp2 != NULL && unp2->unp_addr != NULL) {
311 UNP_PCB_LOCK(unp2);
312 sa = (struct sockaddr *) unp2->unp_addr;
313 bcopy(sa, *nam, sa->sa_len);
314 UNP_PCB_UNLOCK(unp2);
315 } else {
316 sa = &sun_noname;
317 bcopy(sa, *nam, sa->sa_len);
318 }
319 UNP_GLOBAL_RUNLOCK();
320 return (0);
321 }
322
323 static int
324 uipc_attach(struct socket *so, int proto, struct thread *td)
325 {
326 u_long sendspace, recvspace;
327 struct unpcb *unp;
328 int error, locked;
329
330 KASSERT(so->so_pcb == NULL, ("uipc_attach: so_pcb != NULL"));
331 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
332 switch (so->so_type) {
333 case SOCK_STREAM:
334 sendspace = unpst_sendspace;
335 recvspace = unpst_recvspace;
336 break;
337
338 case SOCK_DGRAM:
339 sendspace = unpdg_sendspace;
340 recvspace = unpdg_recvspace;
341 break;
342
343 default:
344 panic("uipc_attach");
345 }
346 error = soreserve(so, sendspace, recvspace);
347 if (error)
348 return (error);
349 }
350 unp = uma_zalloc(unp_zone, M_NOWAIT | M_ZERO);
351 if (unp == NULL)
352 return (ENOBUFS);
353 LIST_INIT(&unp->unp_refs);
354 UNP_PCB_LOCK_INIT(unp);
355 unp->unp_socket = so;
356 so->so_pcb = unp;
357 unp->unp_refcount = 1;
358
359 /*
360 * uipc_attach() may be called indirectly from within the UNIX domain
361 * socket code via sonewconn() in unp_connect(). Since rwlocks can
362 * not be recursed, we do the closest thing.
363 */
364 locked = 0;
365 if (!UNP_GLOBAL_WOWNED()) {
366 UNP_GLOBAL_WLOCK();
367 locked = 1;
368 }
369 unp->unp_gencnt = ++unp_gencnt;
370 unp_count++;
371 LIST_INSERT_HEAD(so->so_type == SOCK_DGRAM ? &unp_dhead : &unp_shead,
372 unp, unp_link);
373 if (locked)
374 UNP_GLOBAL_WUNLOCK();
375
376 return (0);
377 }
378
379 static int
380 uipc_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
381 {
382 struct sockaddr_un *soun = (struct sockaddr_un *)nam;
383 struct vattr vattr;
384 int error, namelen, vfslocked;
385 struct nameidata nd;
386 struct unpcb *unp;
387 struct vnode *vp;
388 struct mount *mp;
389 char *buf;
390
391 unp = sotounpcb(so);
392 KASSERT(unp != NULL, ("uipc_bind: unp == NULL"));
393
394 namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path);
395 if (namelen <= 0)
396 return (EINVAL);
397
398 /*
399 * We don't allow simultaneous bind() calls on a single UNIX domain
400 * socket, so flag in-progress operations, and return an error if an
401 * operation is already in progress.
402 *
403 * Historically, we have not allowed a socket to be rebound, so this
404 * also returns an error. Not allowing re-binding simplifies the
405 * implementation and avoids a great many possible failure modes.
406 */
407 UNP_PCB_LOCK(unp);
408 if (unp->unp_vnode != NULL) {
409 UNP_PCB_UNLOCK(unp);
410 return (EINVAL);
411 }
412 if (unp->unp_flags & UNP_BINDING) {
413 UNP_PCB_UNLOCK(unp);
414 return (EALREADY);
415 }
416 unp->unp_flags |= UNP_BINDING;
417 UNP_PCB_UNLOCK(unp);
418
419 buf = malloc(namelen + 1, M_TEMP, M_WAITOK);
420 bcopy(soun->sun_path, buf, namelen);
421 buf[namelen] = 0;
422
423 restart:
424 vfslocked = 0;
425 NDINIT(&nd, CREATE, MPSAFE | NOFOLLOW | LOCKPARENT | SAVENAME,
426 UIO_SYSSPACE, buf, td);
427 /* SHOULD BE ABLE TO ADOPT EXISTING AND wakeup() ALA FIFO's */
428 error = namei(&nd);
429 if (error)
430 goto error;
431 vp = nd.ni_vp;
432 vfslocked = NDHASGIANT(&nd);
433 if (vp != NULL || vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
434 NDFREE(&nd, NDF_ONLY_PNBUF);
435 if (nd.ni_dvp == vp)
436 vrele(nd.ni_dvp);
437 else
438 vput(nd.ni_dvp);
439 if (vp != NULL) {
440 vrele(vp);
441 error = EADDRINUSE;
442 goto error;
443 }
444 error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH);
445 if (error)
446 goto error;
447 VFS_UNLOCK_GIANT(vfslocked);
448 goto restart;
449 }
450 VATTR_NULL(&vattr);
451 vattr.va_type = VSOCK;
452 vattr.va_mode = (ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask);
453 #ifdef MAC
454 error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
455 &vattr);
456 #endif
457 if (error == 0) {
458 VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
459 error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
460 }
461 NDFREE(&nd, NDF_ONLY_PNBUF);
462 vput(nd.ni_dvp);
463 if (error) {
464 vn_finished_write(mp);
465 goto error;
466 }
467 vp = nd.ni_vp;
468 ASSERT_VOP_ELOCKED(vp, "uipc_bind");
469 soun = (struct sockaddr_un *)sodupsockaddr(nam, M_WAITOK);
470
471 UNP_GLOBAL_WLOCK();
472 UNP_PCB_LOCK(unp);
473 vp->v_socket = unp->unp_socket;
474 unp->unp_vnode = vp;
475 unp->unp_addr = soun;
476 unp->unp_flags &= ~UNP_BINDING;
477 UNP_PCB_UNLOCK(unp);
478 UNP_GLOBAL_WUNLOCK();
479 VOP_UNLOCK(vp, 0);
480 vn_finished_write(mp);
481 VFS_UNLOCK_GIANT(vfslocked);
482 free(buf, M_TEMP);
483 return (0);
484
485 error:
486 VFS_UNLOCK_GIANT(vfslocked);
487 UNP_PCB_LOCK(unp);
488 unp->unp_flags &= ~UNP_BINDING;
489 UNP_PCB_UNLOCK(unp);
490 free(buf, M_TEMP);
491 return (error);
492 }
493
494 static int
495 uipc_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
496 {
497 int error;
498
499 KASSERT(td == curthread, ("uipc_connect: td != curthread"));
500 UNP_GLOBAL_WLOCK();
501 error = unp_connect(so, nam, td);
502 UNP_GLOBAL_WUNLOCK();
503 return (error);
504 }
505
506 static void
507 uipc_close(struct socket *so)
508 {
509 struct unpcb *unp, *unp2;
510
511 unp = sotounpcb(so);
512 KASSERT(unp != NULL, ("uipc_close: unp == NULL"));
513
514 UNP_GLOBAL_WLOCK();
515 UNP_PCB_LOCK(unp);
516 unp2 = unp->unp_conn;
517 if (unp2 != NULL) {
518 UNP_PCB_LOCK(unp2);
519 unp_disconnect(unp, unp2);
520 UNP_PCB_UNLOCK(unp2);
521 }
522 UNP_PCB_UNLOCK(unp);
523 UNP_GLOBAL_WUNLOCK();
524 }
525
526 int
527 uipc_connect2(struct socket *so1, struct socket *so2)
528 {
529 struct unpcb *unp, *unp2;
530 int error;
531
532 UNP_GLOBAL_WLOCK();
533 unp = so1->so_pcb;
534 KASSERT(unp != NULL, ("uipc_connect2: unp == NULL"));
535 UNP_PCB_LOCK(unp);
536 unp2 = so2->so_pcb;
537 KASSERT(unp2 != NULL, ("uipc_connect2: unp2 == NULL"));
538 UNP_PCB_LOCK(unp2);
539 error = unp_connect2(so1, so2, PRU_CONNECT2);
540 UNP_PCB_UNLOCK(unp2);
541 UNP_PCB_UNLOCK(unp);
542 UNP_GLOBAL_WUNLOCK();
543 return (error);
544 }
545
546 /* control is EOPNOTSUPP */
547
548 static void
549 uipc_detach(struct socket *so)
550 {
551 struct unpcb *unp, *unp2;
552 struct sockaddr_un *saved_unp_addr;
553 struct vnode *vp;
554 int freeunp, local_unp_rights;
555
556 unp = sotounpcb(so);
557 KASSERT(unp != NULL, ("uipc_detach: unp == NULL"));
558
559 UNP_GLOBAL_WLOCK();
560 UNP_PCB_LOCK(unp);
561
562 LIST_REMOVE(unp, unp_link);
563 unp->unp_gencnt = ++unp_gencnt;
564 --unp_count;
565
566 /*
567 * XXXRW: Should assert vp->v_socket == so.
568 */
569 if ((vp = unp->unp_vnode) != NULL) {
570 unp->unp_vnode->v_socket = NULL;
571 unp->unp_vnode = NULL;
572 }
573 unp2 = unp->unp_conn;
574 if (unp2 != NULL) {
575 UNP_PCB_LOCK(unp2);
576 unp_disconnect(unp, unp2);
577 UNP_PCB_UNLOCK(unp2);
578 }
579
580 /*
581 * We hold the global lock, so it's OK to acquire multiple pcb locks
582 * at a time.
583 */
584 while (!LIST_EMPTY(&unp->unp_refs)) {
585 struct unpcb *ref = LIST_FIRST(&unp->unp_refs);
586
587 UNP_PCB_LOCK(ref);
588 unp_drop(ref, ECONNRESET);
589 UNP_PCB_UNLOCK(ref);
590 }
591 local_unp_rights = unp_rights;
592 UNP_GLOBAL_WUNLOCK();
593 unp->unp_socket->so_pcb = NULL;
594 saved_unp_addr = unp->unp_addr;
595 unp->unp_addr = NULL;
596 unp->unp_refcount--;
597 freeunp = (unp->unp_refcount == 0);
598 if (saved_unp_addr != NULL)
599 FREE(saved_unp_addr, M_SONAME);
600 if (freeunp) {
601 UNP_PCB_LOCK_DESTROY(unp);
602 uma_zfree(unp_zone, unp);
603 } else
604 UNP_PCB_UNLOCK(unp);
605 if (vp) {
606 int vfslocked;
607
608 vfslocked = VFS_LOCK_GIANT(vp->v_mount);
609 vrele(vp);
610 VFS_UNLOCK_GIANT(vfslocked);
611 }
612 if (local_unp_rights)
613 taskqueue_enqueue(taskqueue_thread, &unp_gc_task);
614 }
615
616 static int
617 uipc_disconnect(struct socket *so)
618 {
619 struct unpcb *unp, *unp2;
620
621 unp = sotounpcb(so);
622 KASSERT(unp != NULL, ("uipc_disconnect: unp == NULL"));
623
624 UNP_GLOBAL_WLOCK();
625 UNP_PCB_LOCK(unp);
626 unp2 = unp->unp_conn;
627 if (unp2 != NULL) {
628 UNP_PCB_LOCK(unp2);
629 unp_disconnect(unp, unp2);
630 UNP_PCB_UNLOCK(unp2);
631 }
632 UNP_PCB_UNLOCK(unp);
633 UNP_GLOBAL_WUNLOCK();
634 return (0);
635 }
636
637 static int
638 uipc_listen(struct socket *so, int backlog, struct thread *td)
639 {
640 struct unpcb *unp;
641 int error;
642
643 unp = sotounpcb(so);
644 KASSERT(unp != NULL, ("uipc_listen: unp == NULL"));
645
646 UNP_PCB_LOCK(unp);
647 if (unp->unp_vnode == NULL) {
648 UNP_PCB_UNLOCK(unp);
649 return (EINVAL);
650 }
651
652 SOCK_LOCK(so);
653 error = solisten_proto_check(so);
654 if (error == 0) {
655 cru2x(td->td_ucred, &unp->unp_peercred);
656 unp->unp_flags |= UNP_HAVEPCCACHED;
657 solisten_proto(so, backlog);
658 }
659 SOCK_UNLOCK(so);
660 UNP_PCB_UNLOCK(unp);
661 return (error);
662 }
663
664 static int
665 uipc_peeraddr(struct socket *so, struct sockaddr **nam)
666 {
667 struct unpcb *unp, *unp2;
668 const struct sockaddr *sa;
669
670 unp = sotounpcb(so);
671 KASSERT(unp != NULL, ("uipc_peeraddr: unp == NULL"));
672
673 *nam = malloc(sizeof(struct sockaddr_un), M_SONAME, M_WAITOK);
674 UNP_PCB_LOCK(unp);
675 /*
676 * XXX: It seems that this test always fails even when connection is
677 * established. So, this else clause is added as workaround to
678 * return PF_LOCAL sockaddr.
679 */
680 unp2 = unp->unp_conn;
681 if (unp2 != NULL) {
682 UNP_PCB_LOCK(unp2);
683 if (unp2->unp_addr != NULL)
684 sa = (struct sockaddr *) unp->unp_conn->unp_addr;
685 else
686 sa = &sun_noname;
687 bcopy(sa, *nam, sa->sa_len);
688 UNP_PCB_UNLOCK(unp2);
689 } else {
690 sa = &sun_noname;
691 bcopy(sa, *nam, sa->sa_len);
692 }
693 UNP_PCB_UNLOCK(unp);
694 return (0);
695 }
696
697 static int
698 uipc_rcvd(struct socket *so, int flags)
699 {
700 struct unpcb *unp, *unp2;
701 struct socket *so2;
702 u_int mbcnt, sbcc;
703 u_long newhiwat;
704
705 unp = sotounpcb(so);
706 KASSERT(unp != NULL, ("uipc_rcvd: unp == NULL"));
707
708 if (so->so_type == SOCK_DGRAM)
709 panic("uipc_rcvd DGRAM?");
710
711 if (so->so_type != SOCK_STREAM)
712 panic("uipc_rcvd unknown socktype");
713
714 /*
715 * Adjust backpressure on sender and wakeup any waiting to write.
716 *
717 * The unp lock is acquired to maintain the validity of the unp_conn
718 * pointer; no lock on unp2 is required as unp2->unp_socket will be
719 * static as long as we don't permit unp2 to disconnect from unp,
720 * which is prevented by the lock on unp. We cache values from
721 * so_rcv to avoid holding the so_rcv lock over the entire
722 * transaction on the remote so_snd.
723 */
724 SOCKBUF_LOCK(&so->so_rcv);
725 mbcnt = so->so_rcv.sb_mbcnt;
726 sbcc = so->so_rcv.sb_cc;
727 SOCKBUF_UNLOCK(&so->so_rcv);
728 UNP_PCB_LOCK(unp);
729 unp2 = unp->unp_conn;
730 if (unp2 == NULL) {
731 UNP_PCB_UNLOCK(unp);
732 return (0);
733 }
734 so2 = unp2->unp_socket;
735 SOCKBUF_LOCK(&so2->so_snd);
736 so2->so_snd.sb_mbmax += unp->unp_mbcnt - mbcnt;
737 newhiwat = so2->so_snd.sb_hiwat + unp->unp_cc - sbcc;
738 (void)chgsbsize(so2->so_cred->cr_uidinfo, &so2->so_snd.sb_hiwat,
739 newhiwat, RLIM_INFINITY);
740 sowwakeup_locked(so2);
741 unp->unp_mbcnt = mbcnt;
742 unp->unp_cc = sbcc;
743 UNP_PCB_UNLOCK(unp);
744 return (0);
745 }
746
747 /* pru_rcvoob is EOPNOTSUPP */
748
749 static int
750 uipc_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
751 struct mbuf *control, struct thread *td)
752 {
753 struct unpcb *unp, *unp2;
754 struct socket *so2;
755 u_int mbcnt, sbcc;
756 u_long newhiwat;
757 int error = 0;
758
759 unp = sotounpcb(so);
760 KASSERT(unp != NULL, ("uipc_send: unp == NULL"));
761
762 if (flags & PRUS_OOB) {
763 error = EOPNOTSUPP;
764 goto release;
765 }
766
767 if (control != NULL && (error = unp_internalize(&control, td)))
768 goto release;
769
770 if ((nam != NULL) || (flags & PRUS_EOF))
771 UNP_GLOBAL_WLOCK();
772 else
773 UNP_GLOBAL_RLOCK();
774
775 switch (so->so_type) {
776 case SOCK_DGRAM:
777 {
778 const struct sockaddr *from;
779
780 unp2 = unp->unp_conn;
781 if (nam != NULL) {
782 UNP_GLOBAL_WLOCK_ASSERT();
783 if (unp2 != NULL) {
784 error = EISCONN;
785 break;
786 }
787 error = unp_connect(so, nam, td);
788 if (error)
789 break;
790 unp2 = unp->unp_conn;
791 }
792 /*
793 * Because connect() and send() are non-atomic in a sendto()
794 * with a target address, it's possible that the socket will
795 * have disconnected before the send() can run. In that case
796 * return the slightly counter-intuitive but otherwise
797 * correct error that the socket is not connected.
798 */
799 if (unp2 == NULL) {
800 error = ENOTCONN;
801 break;
802 }
803 /* Lockless read. */
804 if (unp2->unp_flags & UNP_WANTCRED)
805 control = unp_addsockcred(td, control);
806 UNP_PCB_LOCK(unp);
807 if (unp->unp_addr != NULL)
808 from = (struct sockaddr *)unp->unp_addr;
809 else
810 from = &sun_noname;
811 so2 = unp2->unp_socket;
812 SOCKBUF_LOCK(&so2->so_rcv);
813 if (sbappendaddr_locked(&so2->so_rcv, from, m, control)) {
814 sorwakeup_locked(so2);
815 m = NULL;
816 control = NULL;
817 } else {
818 SOCKBUF_UNLOCK(&so2->so_rcv);
819 error = ENOBUFS;
820 }
821 if (nam != NULL) {
822 UNP_GLOBAL_WLOCK_ASSERT();
823 UNP_PCB_LOCK(unp2);
824 unp_disconnect(unp, unp2);
825 UNP_PCB_UNLOCK(unp2);
826 }
827 UNP_PCB_UNLOCK(unp);
828 break;
829 }
830
831 case SOCK_STREAM:
832 /*
833 * Connect if not connected yet.
834 *
835 * Note: A better implementation would complain if not equal
836 * to the peer's address.
837 */
838 if ((so->so_state & SS_ISCONNECTED) == 0) {
839 if (nam != NULL) {
840 UNP_GLOBAL_WLOCK_ASSERT();
841 error = unp_connect(so, nam, td);
842 if (error)
843 break; /* XXX */
844 } else {
845 error = ENOTCONN;
846 break;
847 }
848 }
849
850 /* Lockless read. */
851 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
852 error = EPIPE;
853 break;
854 }
855 /*
856 * Because connect() and send() are non-atomic in a sendto()
857 * with a target address, it's possible that the socket will
858 * have disconnected before the send() can run. In that case
859 * return the slightly counter-intuitive but otherwise
860 * correct error that the socket is not connected.
861 *
862 * Locking here must be done carefully: the global lock
863 * prevents interconnections between unpcbs from changing, so
864 * we can traverse from unp to unp2 without acquiring unp's
865 * lock. Socket buffer locks follow unpcb locks, so we can
866 * acquire both remote and lock socket buffer locks.
867 */
868 unp2 = unp->unp_conn;
869 if (unp2 == NULL) {
870 error = ENOTCONN;
871 break;
872 }
873 so2 = unp2->unp_socket;
874 UNP_PCB_LOCK(unp2);
875 SOCKBUF_LOCK(&so2->so_rcv);
876 if (unp2->unp_flags & UNP_WANTCRED) {
877 /*
878 * Credentials are passed only once on SOCK_STREAM.
879 */
880 unp2->unp_flags &= ~UNP_WANTCRED;
881 control = unp_addsockcred(td, control);
882 }
883 /*
884 * Send to paired receive port, and then reduce send buffer
885 * hiwater marks to maintain backpressure. Wake up readers.
886 */
887 if (control != NULL) {
888 if (sbappendcontrol_locked(&so2->so_rcv, m, control))
889 control = NULL;
890 } else
891 sbappend_locked(&so2->so_rcv, m);
892 mbcnt = so2->so_rcv.sb_mbcnt - unp2->unp_mbcnt;
893 unp2->unp_mbcnt = so2->so_rcv.sb_mbcnt;
894 sbcc = so2->so_rcv.sb_cc;
895 sorwakeup_locked(so2);
896
897 SOCKBUF_LOCK(&so->so_snd);
898 newhiwat = so->so_snd.sb_hiwat - (sbcc - unp2->unp_cc);
899 (void)chgsbsize(so->so_cred->cr_uidinfo, &so->so_snd.sb_hiwat,
900 newhiwat, RLIM_INFINITY);
901 so->so_snd.sb_mbmax -= mbcnt;
902 SOCKBUF_UNLOCK(&so->so_snd);
903 unp2->unp_cc = sbcc;
904 UNP_PCB_UNLOCK(unp2);
905 m = NULL;
906 break;
907
908 default:
909 panic("uipc_send unknown socktype");
910 }
911
912 /*
913 * SEND_EOF is equivalent to a SEND followed by a SHUTDOWN.
914 */
915 if (flags & PRUS_EOF) {
916 UNP_PCB_LOCK(unp);
917 socantsendmore(so);
918 unp_shutdown(unp);
919 UNP_PCB_UNLOCK(unp);
920 }
921
922 if ((nam != NULL) || (flags & PRUS_EOF))
923 UNP_GLOBAL_WUNLOCK();
924 else
925 UNP_GLOBAL_RUNLOCK();
926
927 if (control != NULL && error != 0)
928 unp_dispose(control);
929
930 release:
931 if (control != NULL)
932 m_freem(control);
933 if (m != NULL)
934 m_freem(m);
935 return (error);
936 }
937
938 static int
939 uipc_sense(struct socket *so, struct stat *sb)
940 {
941 struct unpcb *unp, *unp2;
942 struct socket *so2;
943
944 unp = sotounpcb(so);
945 KASSERT(unp != NULL, ("uipc_sense: unp == NULL"));
946
947 sb->st_blksize = so->so_snd.sb_hiwat;
948 UNP_GLOBAL_RLOCK();
949 UNP_PCB_LOCK(unp);
950 unp2 = unp->unp_conn;
951 if (so->so_type == SOCK_STREAM && unp2 != NULL) {
952 so2 = unp2->unp_socket;
953 sb->st_blksize += so2->so_rcv.sb_cc;
954 }
955 sb->st_dev = NODEV;
956 if (unp->unp_ino == 0)
957 unp->unp_ino = (++unp_ino == 0) ? ++unp_ino : unp_ino;
958 sb->st_ino = unp->unp_ino;
959 UNP_PCB_UNLOCK(unp);
960 UNP_GLOBAL_RUNLOCK();
961 return (0);
962 }
963
964 static int
965 uipc_shutdown(struct socket *so)
966 {
967 struct unpcb *unp;
968
969 unp = sotounpcb(so);
970 KASSERT(unp != NULL, ("uipc_shutdown: unp == NULL"));
971
972 UNP_GLOBAL_WLOCK();
973 UNP_PCB_LOCK(unp);
974 socantsendmore(so);
975 unp_shutdown(unp);
976 UNP_PCB_UNLOCK(unp);
977 UNP_GLOBAL_WUNLOCK();
978 return (0);
979 }
980
981 static int
982 uipc_sockaddr(struct socket *so, struct sockaddr **nam)
983 {
984 struct unpcb *unp;
985 const struct sockaddr *sa;
986
987 unp = sotounpcb(so);
988 KASSERT(unp != NULL, ("uipc_sockaddr: unp == NULL"));
989
990 *nam = malloc(sizeof(struct sockaddr_un), M_SONAME, M_WAITOK);
991 UNP_PCB_LOCK(unp);
992 if (unp->unp_addr != NULL)
993 sa = (struct sockaddr *) unp->unp_addr;
994 else
995 sa = &sun_noname;
996 bcopy(sa, *nam, sa->sa_len);
997 UNP_PCB_UNLOCK(unp);
998 return (0);
999 }
1000
1001 struct pr_usrreqs uipc_usrreqs = {
1002 .pru_abort = uipc_abort,
1003 .pru_accept = uipc_accept,
1004 .pru_attach = uipc_attach,
1005 .pru_bind = uipc_bind,
1006 .pru_connect = uipc_connect,
1007 .pru_connect2 = uipc_connect2,
1008 .pru_detach = uipc_detach,
1009 .pru_disconnect = uipc_disconnect,
1010 .pru_listen = uipc_listen,
1011 .pru_peeraddr = uipc_peeraddr,
1012 .pru_rcvd = uipc_rcvd,
1013 .pru_send = uipc_send,
1014 .pru_sense = uipc_sense,
1015 .pru_shutdown = uipc_shutdown,
1016 .pru_sockaddr = uipc_sockaddr,
1017 .pru_close = uipc_close,
1018 };
1019
1020 int
1021 uipc_ctloutput(struct socket *so, struct sockopt *sopt)
1022 {
1023 struct unpcb *unp;
1024 struct xucred xu;
1025 int error, optval;
1026
1027 if (sopt->sopt_level != 0)
1028 return (EINVAL);
1029
1030 unp = sotounpcb(so);
1031 KASSERT(unp != NULL, ("uipc_ctloutput: unp == NULL"));
1032 error = 0;
1033 switch (sopt->sopt_dir) {
1034 case SOPT_GET:
1035 switch (sopt->sopt_name) {
1036 case LOCAL_PEERCRED:
1037 UNP_PCB_LOCK(unp);
1038 if (unp->unp_flags & UNP_HAVEPC)
1039 xu = unp->unp_peercred;
1040 else {
1041 if (so->so_type == SOCK_STREAM)
1042 error = ENOTCONN;
1043 else
1044 error = EINVAL;
1045 }
1046 UNP_PCB_UNLOCK(unp);
1047 if (error == 0)
1048 error = sooptcopyout(sopt, &xu, sizeof(xu));
1049 break;
1050
1051 case LOCAL_CREDS:
1052 /* Unlocked read. */
1053 optval = unp->unp_flags & UNP_WANTCRED ? 1 : 0;
1054 error = sooptcopyout(sopt, &optval, sizeof(optval));
1055 break;
1056
1057 case LOCAL_CONNWAIT:
1058 /* Unlocked read. */
1059 optval = unp->unp_flags & UNP_CONNWAIT ? 1 : 0;
1060 error = sooptcopyout(sopt, &optval, sizeof(optval));
1061 break;
1062
1063 default:
1064 error = EOPNOTSUPP;
1065 break;
1066 }
1067 break;
1068
1069 case SOPT_SET:
1070 switch (sopt->sopt_name) {
1071 case LOCAL_CREDS:
1072 case LOCAL_CONNWAIT:
1073 error = sooptcopyin(sopt, &optval, sizeof(optval),
1074 sizeof(optval));
1075 if (error)
1076 break;
1077
1078 #define OPTSET(bit) do { \
1079 UNP_PCB_LOCK(unp); \
1080 if (optval) \
1081 unp->unp_flags |= bit; \
1082 else \
1083 unp->unp_flags &= ~bit; \
1084 UNP_PCB_UNLOCK(unp); \
1085 } while (0)
1086
1087 switch (sopt->sopt_name) {
1088 case LOCAL_CREDS:
1089 OPTSET(UNP_WANTCRED);
1090 break;
1091
1092 case LOCAL_CONNWAIT:
1093 OPTSET(UNP_CONNWAIT);
1094 break;
1095
1096 default:
1097 break;
1098 }
1099 break;
1100 #undef OPTSET
1101 default:
1102 error = ENOPROTOOPT;
1103 break;
1104 }
1105 break;
1106
1107 default:
1108 error = EOPNOTSUPP;
1109 break;
1110 }
1111 return (error);
1112 }
1113
1114 static int
1115 unp_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
1116 {
1117 struct sockaddr_un *soun = (struct sockaddr_un *)nam;
1118 struct vnode *vp;
1119 struct socket *so2, *so3;
1120 struct unpcb *unp, *unp2, *unp3;
1121 int error, len, vfslocked;
1122 struct nameidata nd;
1123 char buf[SOCK_MAXADDRLEN];
1124 struct sockaddr *sa;
1125
1126 UNP_GLOBAL_WLOCK_ASSERT();
1127
1128 unp = sotounpcb(so);
1129 KASSERT(unp != NULL, ("unp_connect: unp == NULL"));
1130
1131 len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
1132 if (len <= 0)
1133 return (EINVAL);
1134 bcopy(soun->sun_path, buf, len);
1135 buf[len] = 0;
1136
1137 UNP_PCB_LOCK(unp);
1138 if (unp->unp_flags & UNP_CONNECTING) {
1139 UNP_PCB_UNLOCK(unp);
1140 return (EALREADY);
1141 }
1142 UNP_GLOBAL_WUNLOCK();
1143 unp->unp_flags |= UNP_CONNECTING;
1144 UNP_PCB_UNLOCK(unp);
1145
1146 sa = malloc(sizeof(struct sockaddr_un), M_SONAME, M_WAITOK);
1147 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | LOCKLEAF, UIO_SYSSPACE, buf,
1148 td);
1149 error = namei(&nd);
1150 if (error)
1151 vp = NULL;
1152 else
1153 vp = nd.ni_vp;
1154 ASSERT_VOP_LOCKED(vp, "unp_connect");
1155 vfslocked = NDHASGIANT(&nd);
1156 NDFREE(&nd, NDF_ONLY_PNBUF);
1157 if (error)
1158 goto bad;
1159
1160 if (vp->v_type != VSOCK) {
1161 error = ENOTSOCK;
1162 goto bad;
1163 }
1164 #ifdef MAC
1165 error = mac_vnode_check_open(td->td_ucred, vp, VWRITE | VREAD);
1166 if (error)
1167 goto bad;
1168 #endif
1169 error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td);
1170 if (error)
1171 goto bad;
1172 VFS_UNLOCK_GIANT(vfslocked);
1173
1174 unp = sotounpcb(so);
1175 KASSERT(unp != NULL, ("unp_connect: unp == NULL"));
1176
1177 /*
1178 * Lock global lock for two reasons: make sure v_socket is stable,
1179 * and to protect simultaneous locking of multiple pcbs.
1180 */
1181 UNP_GLOBAL_WLOCK();
1182 so2 = vp->v_socket;
1183 if (so2 == NULL) {
1184 error = ECONNREFUSED;
1185 goto bad2;
1186 }
1187 if (so->so_type != so2->so_type) {
1188 error = EPROTOTYPE;
1189 goto bad2;
1190 }
1191 if (so->so_proto->pr_flags & PR_CONNREQUIRED) {
1192 if (so2->so_options & SO_ACCEPTCONN) {
1193 /*
1194 * We can't drop the global lock here or 'so2' may
1195 * become invalid. As a result, we need to handle
1196 * possibly lock recursion in uipc_attach.
1197 */
1198 so3 = sonewconn(so2, 0);
1199 } else
1200 so3 = NULL;
1201 if (so3 == NULL) {
1202 error = ECONNREFUSED;
1203 goto bad2;
1204 }
1205 unp = sotounpcb(so);
1206 unp2 = sotounpcb(so2);
1207 unp3 = sotounpcb(so3);
1208 UNP_PCB_LOCK(unp);
1209 UNP_PCB_LOCK(unp2);
1210 UNP_PCB_LOCK(unp3);
1211 if (unp2->unp_addr != NULL) {
1212 bcopy(unp2->unp_addr, sa, unp2->unp_addr->sun_len);
1213 unp3->unp_addr = (struct sockaddr_un *) sa;
1214 sa = NULL;
1215 }
1216 /*
1217 * unp_peercred management:
1218 *
1219 * The connecter's (client's) credentials are copied from its
1220 * process structure at the time of connect() (which is now).
1221 */
1222 cru2x(td->td_ucred, &unp3->unp_peercred);
1223 unp3->unp_flags |= UNP_HAVEPC;
1224 /*
1225 * The receiver's (server's) credentials are copied from the
1226 * unp_peercred member of socket on which the former called
1227 * listen(); uipc_listen() cached that process's credentials
1228 * at that time so we can use them now.
1229 */
1230 KASSERT(unp2->unp_flags & UNP_HAVEPCCACHED,
1231 ("unp_connect: listener without cached peercred"));
1232 memcpy(&unp->unp_peercred, &unp2->unp_peercred,
1233 sizeof(unp->unp_peercred));
1234 unp->unp_flags |= UNP_HAVEPC;
1235 if (unp2->unp_flags & UNP_WANTCRED)
1236 unp3->unp_flags |= UNP_WANTCRED;
1237 UNP_PCB_UNLOCK(unp3);
1238 UNP_PCB_UNLOCK(unp2);
1239 UNP_PCB_UNLOCK(unp);
1240 #ifdef MAC
1241 SOCK_LOCK(so);
1242 mac_socketpeer_set_from_socket(so, so3);
1243 mac_socketpeer_set_from_socket(so3, so);
1244 SOCK_UNLOCK(so);
1245 #endif
1246
1247 so2 = so3;
1248 }
1249 unp = sotounpcb(so);
1250 KASSERT(unp != NULL, ("unp_connect: unp == NULL"));
1251 unp2 = sotounpcb(so2);
1252 KASSERT(unp2 != NULL, ("unp_connect: unp2 == NULL"));
1253 UNP_PCB_LOCK(unp);
1254 UNP_PCB_LOCK(unp2);
1255 error = unp_connect2(so, so2, PRU_CONNECT);
1256 UNP_PCB_UNLOCK(unp2);
1257 UNP_PCB_UNLOCK(unp);
1258 bad2:
1259 UNP_GLOBAL_WUNLOCK();
1260 if (vfslocked)
1261 /*
1262 * Giant has been previously acquired. This means filesystem
1263 * isn't MPSAFE. Do it once again.
1264 */
1265 mtx_lock(&Giant);
1266 bad:
1267 if (vp != NULL)
1268 vput(vp);
1269 VFS_UNLOCK_GIANT(vfslocked);
1270 free(sa, M_SONAME);
1271 UNP_GLOBAL_WLOCK();
1272 UNP_PCB_LOCK(unp);
1273 unp->unp_flags &= ~UNP_CONNECTING;
1274 UNP_PCB_UNLOCK(unp);
1275 return (error);
1276 }
1277
1278 static int
1279 unp_connect2(struct socket *so, struct socket *so2, int req)
1280 {
1281 struct unpcb *unp;
1282 struct unpcb *unp2;
1283
1284 unp = sotounpcb(so);
1285 KASSERT(unp != NULL, ("unp_connect2: unp == NULL"));
1286 unp2 = sotounpcb(so2);
1287 KASSERT(unp2 != NULL, ("unp_connect2: unp2 == NULL"));
1288
1289 UNP_GLOBAL_WLOCK_ASSERT();
1290 UNP_PCB_LOCK_ASSERT(unp);
1291 UNP_PCB_LOCK_ASSERT(unp2);
1292
1293 if (so2->so_type != so->so_type)
1294 return (EPROTOTYPE);
1295 unp->unp_conn = unp2;
1296
1297 switch (so->so_type) {
1298 case SOCK_DGRAM:
1299 LIST_INSERT_HEAD(&unp2->unp_refs, unp, unp_reflink);
1300 soisconnected(so);
1301 break;
1302
1303 case SOCK_STREAM:
1304 unp2->unp_conn = unp;
1305 if (req == PRU_CONNECT &&
1306 ((unp->unp_flags | unp2->unp_flags) & UNP_CONNWAIT))
1307 soisconnecting(so);
1308 else
1309 soisconnected(so);
1310 soisconnected(so2);
1311 break;
1312
1313 default:
1314 panic("unp_connect2");
1315 }
1316 return (0);
1317 }
1318
1319 static void
1320 unp_disconnect(struct unpcb *unp, struct unpcb *unp2)
1321 {
1322 struct socket *so;
1323
1324 KASSERT(unp2 != NULL, ("unp_disconnect: unp2 == NULL"));
1325
1326 UNP_GLOBAL_WLOCK_ASSERT();
1327 UNP_PCB_LOCK_ASSERT(unp);
1328 UNP_PCB_LOCK_ASSERT(unp2);
1329
1330 unp->unp_conn = NULL;
1331 switch (unp->unp_socket->so_type) {
1332 case SOCK_DGRAM:
1333 LIST_REMOVE(unp, unp_reflink);
1334 so = unp->unp_socket;
1335 SOCK_LOCK(so);
1336 so->so_state &= ~SS_ISCONNECTED;
1337 SOCK_UNLOCK(so);
1338 break;
1339
1340 case SOCK_STREAM:
1341 soisdisconnected(unp->unp_socket);
1342 unp2->unp_conn = NULL;
1343 soisdisconnected(unp2->unp_socket);
1344 break;
1345 }
1346 }
1347
1348 /*
1349 * unp_pcblist() walks the global list of struct unpcb's to generate a
1350 * pointer list, bumping the refcount on each unpcb. It then copies them out
1351 * sequentially, validating the generation number on each to see if it has
1352 * been detached. All of this is necessary because copyout() may sleep on
1353 * disk I/O.
1354 */
1355 static int
1356 unp_pcblist(SYSCTL_HANDLER_ARGS)
1357 {
1358 int error, i, n;
1359 int freeunp;
1360 struct unpcb *unp, **unp_list;
1361 unp_gen_t gencnt;
1362 struct xunpgen *xug;
1363 struct unp_head *head;
1364 struct xunpcb *xu;
1365
1366 head = ((intptr_t)arg1 == SOCK_DGRAM ? &unp_dhead : &unp_shead);
1367
1368 /*
1369 * The process of preparing the PCB list is too time-consuming and
1370 * resource-intensive to repeat twice on every request.
1371 */
1372 if (req->oldptr == NULL) {
1373 n = unp_count;
1374 req->oldidx = 2 * (sizeof *xug)
1375 + (n + n/8) * sizeof(struct xunpcb);
1376 return (0);
1377 }
1378
1379 if (req->newptr != NULL)
1380 return (EPERM);
1381
1382 /*
1383 * OK, now we're committed to doing something.
1384 */
1385 xug = malloc(sizeof(*xug), M_TEMP, M_WAITOK);
1386 UNP_GLOBAL_RLOCK();
1387 gencnt = unp_gencnt;
1388 n = unp_count;
1389 UNP_GLOBAL_RUNLOCK();
1390
1391 xug->xug_len = sizeof *xug;
1392 xug->xug_count = n;
1393 xug->xug_gen = gencnt;
1394 xug->xug_sogen = so_gencnt;
1395 error = SYSCTL_OUT(req, xug, sizeof *xug);
1396 if (error) {
1397 free(xug, M_TEMP);
1398 return (error);
1399 }
1400
1401 unp_list = malloc(n * sizeof *unp_list, M_TEMP, M_WAITOK);
1402
1403 UNP_GLOBAL_RLOCK();
1404 for (unp = LIST_FIRST(head), i = 0; unp && i < n;
1405 unp = LIST_NEXT(unp, unp_link)) {
1406 UNP_PCB_LOCK(unp);
1407 if (unp->unp_gencnt <= gencnt) {
1408 if (cr_cansee(req->td->td_ucred,
1409 unp->unp_socket->so_cred)) {
1410 UNP_PCB_UNLOCK(unp);
1411 continue;
1412 }
1413 unp_list[i++] = unp;
1414 unp->unp_refcount++;
1415 }
1416 UNP_PCB_UNLOCK(unp);
1417 }
1418 UNP_GLOBAL_RUNLOCK();
1419 n = i; /* In case we lost some during malloc. */
1420
1421 error = 0;
1422 xu = malloc(sizeof(*xu), M_TEMP, M_WAITOK | M_ZERO);
1423 for (i = 0; i < n; i++) {
1424 unp = unp_list[i];
1425 UNP_PCB_LOCK(unp);
1426 unp->unp_refcount--;
1427 if (unp->unp_refcount != 0 && unp->unp_gencnt <= gencnt) {
1428 xu->xu_len = sizeof *xu;
1429 xu->xu_unpp = unp;
1430 /*
1431 * XXX - need more locking here to protect against
1432 * connect/disconnect races for SMP.
1433 */
1434 if (unp->unp_addr != NULL)
1435 bcopy(unp->unp_addr, &xu->xu_addr,
1436 unp->unp_addr->sun_len);
1437 if (unp->unp_conn != NULL &&
1438 unp->unp_conn->unp_addr != NULL)
1439 bcopy(unp->unp_conn->unp_addr,
1440 &xu->xu_caddr,
1441 unp->unp_conn->unp_addr->sun_len);
1442 bcopy(unp, &xu->xu_unp, sizeof *unp);
1443 sotoxsocket(unp->unp_socket, &xu->xu_socket);
1444 UNP_PCB_UNLOCK(unp);
1445 error = SYSCTL_OUT(req, xu, sizeof *xu);
1446 } else {
1447 freeunp = (unp->unp_refcount == 0);
1448 UNP_PCB_UNLOCK(unp);
1449 if (freeunp) {
1450 UNP_PCB_LOCK_DESTROY(unp);
1451 uma_zfree(unp_zone, unp);
1452 }
1453 }
1454 }
1455 free(xu, M_TEMP);
1456 if (!error) {
1457 /*
1458 * Give the user an updated idea of our state. If the
1459 * generation differs from what we told her before, she knows
1460 * that something happened while we were processing this
1461 * request, and it might be necessary to retry.
1462 */
1463 xug->xug_gen = unp_gencnt;
1464 xug->xug_sogen = so_gencnt;
1465 xug->xug_count = unp_count;
1466 error = SYSCTL_OUT(req, xug, sizeof *xug);
1467 }
1468 free(unp_list, M_TEMP);
1469 free(xug, M_TEMP);
1470 return (error);
1471 }
1472
1473 SYSCTL_PROC(_net_local_dgram, OID_AUTO, pcblist, CTLFLAG_RD,
1474 (caddr_t)(long)SOCK_DGRAM, 0, unp_pcblist, "S,xunpcb",
1475 "List of active local datagram sockets");
1476 SYSCTL_PROC(_net_local_stream, OID_AUTO, pcblist, CTLFLAG_RD,
1477 (caddr_t)(long)SOCK_STREAM, 0, unp_pcblist, "S,xunpcb",
1478 "List of active local stream sockets");
1479
1480 static void
1481 unp_shutdown(struct unpcb *unp)
1482 {
1483 struct unpcb *unp2;
1484 struct socket *so;
1485
1486 UNP_GLOBAL_WLOCK_ASSERT();
1487 UNP_PCB_LOCK_ASSERT(unp);
1488
1489 unp2 = unp->unp_conn;
1490 if (unp->unp_socket->so_type == SOCK_STREAM && unp2 != NULL) {
1491 so = unp2->unp_socket;
1492 if (so != NULL)
1493 socantrcvmore(so);
1494 }
1495 }
1496
1497 static void
1498 unp_drop(struct unpcb *unp, int errno)
1499 {
1500 struct socket *so = unp->unp_socket;
1501 struct unpcb *unp2;
1502
1503 UNP_GLOBAL_WLOCK_ASSERT();
1504 UNP_PCB_LOCK_ASSERT(unp);
1505
1506 so->so_error = errno;
1507 unp2 = unp->unp_conn;
1508 if (unp2 == NULL)
1509 return;
1510
1511 UNP_PCB_LOCK(unp2);
1512 unp_disconnect(unp, unp2);
1513 UNP_PCB_UNLOCK(unp2);
1514 }
1515
1516 static void
1517 unp_freerights(struct file **rp, int fdcount)
1518 {
1519 int i;
1520 struct file *fp;
1521
1522 for (i = 0; i < fdcount; i++) {
1523 /*
1524 * Zero the pointer before calling unp_discard since it may
1525 * end up in unp_gc()..
1526 *
1527 * XXXRW: This is less true than it used to be.
1528 */
1529 fp = *rp;
1530 *rp++ = NULL;
1531 unp_discard(fp);
1532 }
1533 }
1534
1535 int
1536 unp_externalize(struct mbuf *control, struct mbuf **controlp)
1537 {
1538 struct thread *td = curthread; /* XXX */
1539 struct cmsghdr *cm = mtod(control, struct cmsghdr *);
1540 int i;
1541 int *fdp;
1542 struct file **rp;
1543 struct file *fp;
1544 void *data;
1545 socklen_t clen = control->m_len, datalen;
1546 int error, newfds;
1547 int f;
1548 u_int newlen;
1549
1550 UNP_GLOBAL_UNLOCK_ASSERT();
1551
1552 error = 0;
1553 if (controlp != NULL) /* controlp == NULL => free control messages */
1554 *controlp = NULL;
1555
1556 while (cm != NULL) {
1557 if (sizeof(*cm) > clen || cm->cmsg_len > clen) {
1558 error = EINVAL;
1559 break;
1560 }
1561
1562 data = CMSG_DATA(cm);
1563 datalen = (caddr_t)cm + cm->cmsg_len - (caddr_t)data;
1564
1565 if (cm->cmsg_level == SOL_SOCKET
1566 && cm->cmsg_type == SCM_RIGHTS) {
1567 newfds = datalen / sizeof(struct file *);
1568 rp = data;
1569
1570 /* If we're not outputting the descriptors free them. */
1571 if (error || controlp == NULL) {
1572 unp_freerights(rp, newfds);
1573 goto next;
1574 }
1575 FILEDESC_XLOCK(td->td_proc->p_fd);
1576 /* if the new FD's will not fit free them. */
1577 if (!fdavail(td, newfds)) {
1578 FILEDESC_XUNLOCK(td->td_proc->p_fd);
1579 error = EMSGSIZE;
1580 unp_freerights(rp, newfds);
1581 goto next;
1582 }
1583 /*
1584 * Now change each pointer to an fd in the global
1585 * table to an integer that is the index to the local
1586 * fd table entry that we set up to point to the
1587 * global one we are transferring.
1588 */
1589 newlen = newfds * sizeof(int);
1590 *controlp = sbcreatecontrol(NULL, newlen,
1591 SCM_RIGHTS, SOL_SOCKET);
1592 if (*controlp == NULL) {
1593 FILEDESC_XUNLOCK(td->td_proc->p_fd);
1594 error = E2BIG;
1595 unp_freerights(rp, newfds);
1596 goto next;
1597 }
1598
1599 fdp = (int *)
1600 CMSG_DATA(mtod(*controlp, struct cmsghdr *));
1601 for (i = 0; i < newfds; i++) {
1602 if (fdalloc(td, 0, &f))
1603 panic("unp_externalize fdalloc failed");
1604 fp = *rp++;
1605 td->td_proc->p_fd->fd_ofiles[f] = fp;
1606 unp_externalize_fp(fp);
1607 *fdp++ = f;
1608 }
1609 FILEDESC_XUNLOCK(td->td_proc->p_fd);
1610 } else {
1611 /* We can just copy anything else across. */
1612 if (error || controlp == NULL)
1613 goto next;
1614 *controlp = sbcreatecontrol(NULL, datalen,
1615 cm->cmsg_type, cm->cmsg_level);
1616 if (*controlp == NULL) {
1617 error = ENOBUFS;
1618 goto next;
1619 }
1620 bcopy(data,
1621 CMSG_DATA(mtod(*controlp, struct cmsghdr *)),
1622 datalen);
1623 }
1624
1625 controlp = &(*controlp)->m_next;
1626
1627 next:
1628 if (CMSG_SPACE(datalen) < clen) {
1629 clen -= CMSG_SPACE(datalen);
1630 cm = (struct cmsghdr *)
1631 ((caddr_t)cm + CMSG_SPACE(datalen));
1632 } else {
1633 clen = 0;
1634 cm = NULL;
1635 }
1636 }
1637
1638 m_freem(control);
1639
1640 return (error);
1641 }
1642
1643 static void
1644 unp_zone_change(void *tag)
1645 {
1646
1647 uma_zone_set_max(unp_zone, maxsockets);
1648 }
1649
1650 void
1651 unp_init(void)
1652 {
1653
1654 unp_zone = uma_zcreate("unpcb", sizeof(struct unpcb), NULL, NULL,
1655 NULL, NULL, UMA_ALIGN_PTR, 0);
1656 if (unp_zone == NULL)
1657 panic("unp_init");
1658 uma_zone_set_max(unp_zone, maxsockets);
1659 EVENTHANDLER_REGISTER(maxsockets_change, unp_zone_change,
1660 NULL, EVENTHANDLER_PRI_ANY);
1661 LIST_INIT(&unp_dhead);
1662 LIST_INIT(&unp_shead);
1663 TASK_INIT(&unp_gc_task, 0, unp_gc, NULL);
1664 UNP_GLOBAL_LOCK_INIT();
1665 }
1666
1667 static int
1668 unp_internalize(struct mbuf **controlp, struct thread *td)
1669 {
1670 struct mbuf *control = *controlp;
1671 struct proc *p = td->td_proc;
1672 struct filedesc *fdescp = p->p_fd;
1673 struct cmsghdr *cm = mtod(control, struct cmsghdr *);
1674 struct cmsgcred *cmcred;
1675 struct file **rp;
1676 struct file *fp;
1677 struct timeval *tv;
1678 int i, fd, *fdp;
1679 void *data;
1680 socklen_t clen = control->m_len, datalen;
1681 int error, oldfds;
1682 u_int newlen;
1683
1684 UNP_GLOBAL_UNLOCK_ASSERT();
1685
1686 error = 0;
1687 *controlp = NULL;
1688
1689 while (cm != NULL) {
1690 if (sizeof(*cm) > clen || cm->cmsg_level != SOL_SOCKET
1691 || cm->cmsg_len > clen) {
1692 error = EINVAL;
1693 goto out;
1694 }
1695
1696 data = CMSG_DATA(cm);
1697 datalen = (caddr_t)cm + cm->cmsg_len - (caddr_t)data;
1698
1699 switch (cm->cmsg_type) {
1700 /*
1701 * Fill in credential information.
1702 */
1703 case SCM_CREDS:
1704 *controlp = sbcreatecontrol(NULL, sizeof(*cmcred),
1705 SCM_CREDS, SOL_SOCKET);
1706 if (*controlp == NULL) {
1707 error = ENOBUFS;
1708 goto out;
1709 }
1710
1711 cmcred = (struct cmsgcred *)
1712 CMSG_DATA(mtod(*controlp, struct cmsghdr *));
1713 cmcred->cmcred_pid = p->p_pid;
1714 cmcred->cmcred_uid = td->td_ucred->cr_ruid;
1715 cmcred->cmcred_gid = td->td_ucred->cr_rgid;
1716 cmcred->cmcred_euid = td->td_ucred->cr_uid;
1717 cmcred->cmcred_ngroups = MIN(td->td_ucred->cr_ngroups,
1718 CMGROUP_MAX);
1719 for (i = 0; i < cmcred->cmcred_ngroups; i++)
1720 cmcred->cmcred_groups[i] =
1721 td->td_ucred->cr_groups[i];
1722 break;
1723
1724 case SCM_RIGHTS:
1725 oldfds = datalen / sizeof (int);
1726 /*
1727 * Check that all the FDs passed in refer to legal
1728 * files. If not, reject the entire operation.
1729 */
1730 fdp = data;
1731 FILEDESC_SLOCK(fdescp);
1732 for (i = 0; i < oldfds; i++) {
1733 fd = *fdp++;
1734 if ((unsigned)fd >= fdescp->fd_nfiles ||
1735 fdescp->fd_ofiles[fd] == NULL) {
1736 FILEDESC_SUNLOCK(fdescp);
1737 error = EBADF;
1738 goto out;
1739 }
1740 fp = fdescp->fd_ofiles[fd];
1741 if (!(fp->f_ops->fo_flags & DFLAG_PASSABLE)) {
1742 FILEDESC_SUNLOCK(fdescp);
1743 error = EOPNOTSUPP;
1744 goto out;
1745 }
1746
1747 }
1748
1749 /*
1750 * Now replace the integer FDs with pointers to
1751 * the associated global file table entry..
1752 */
1753 newlen = oldfds * sizeof(struct file *);
1754 *controlp = sbcreatecontrol(NULL, newlen,
1755 SCM_RIGHTS, SOL_SOCKET);
1756 if (*controlp == NULL) {
1757 FILEDESC_SUNLOCK(fdescp);
1758 error = E2BIG;
1759 goto out;
1760 }
1761
1762 fdp = data;
1763 rp = (struct file **)
1764 CMSG_DATA(mtod(*controlp, struct cmsghdr *));
1765 for (i = 0; i < oldfds; i++) {
1766 fp = fdescp->fd_ofiles[*fdp++];
1767 *rp++ = fp;
1768 unp_internalize_fp(fp);
1769 }
1770 FILEDESC_SUNLOCK(fdescp);
1771 break;
1772
1773 case SCM_TIMESTAMP:
1774 *controlp = sbcreatecontrol(NULL, sizeof(*tv),
1775 SCM_TIMESTAMP, SOL_SOCKET);
1776 if (*controlp == NULL) {
1777 error = ENOBUFS;
1778 goto out;
1779 }
1780 tv = (struct timeval *)
1781 CMSG_DATA(mtod(*controlp, struct cmsghdr *));
1782 microtime(tv);
1783 break;
1784
1785 default:
1786 error = EINVAL;
1787 goto out;
1788 }
1789
1790 controlp = &(*controlp)->m_next;
1791
1792 if (CMSG_SPACE(datalen) < clen) {
1793 clen -= CMSG_SPACE(datalen);
1794 cm = (struct cmsghdr *)
1795 ((caddr_t)cm + CMSG_SPACE(datalen));
1796 } else {
1797 clen = 0;
1798 cm = NULL;
1799 }
1800 }
1801
1802 out:
1803 m_freem(control);
1804
1805 return (error);
1806 }
1807
1808 static struct mbuf *
1809 unp_addsockcred(struct thread *td, struct mbuf *control)
1810 {
1811 struct mbuf *m, *n, *n_prev;
1812 struct sockcred *sc;
1813 const struct cmsghdr *cm;
1814 int ngroups;
1815 int i;
1816
1817 ngroups = MIN(td->td_ucred->cr_ngroups, CMGROUP_MAX);
1818
1819 m = sbcreatecontrol(NULL, SOCKCREDSIZE(ngroups), SCM_CREDS, SOL_SOCKET);
1820 if (m == NULL)
1821 return (control);
1822
1823 sc = (struct sockcred *) CMSG_DATA(mtod(m, struct cmsghdr *));
1824 sc->sc_uid = td->td_ucred->cr_ruid;
1825 sc->sc_euid = td->td_ucred->cr_uid;
1826 sc->sc_gid = td->td_ucred->cr_rgid;
1827 sc->sc_egid = td->td_ucred->cr_gid;
1828 sc->sc_ngroups = ngroups;
1829 for (i = 0; i < sc->sc_ngroups; i++)
1830 sc->sc_groups[i] = td->td_ucred->cr_groups[i];
1831
1832 /*
1833 * Unlink SCM_CREDS control messages (struct cmsgcred), since just
1834 * created SCM_CREDS control message (struct sockcred) has another
1835 * format.
1836 */
1837 if (control != NULL)
1838 for (n = control, n_prev = NULL; n != NULL;) {
1839 cm = mtod(n, struct cmsghdr *);
1840 if (cm->cmsg_level == SOL_SOCKET &&
1841 cm->cmsg_type == SCM_CREDS) {
1842 if (n_prev == NULL)
1843 control = n->m_next;
1844 else
1845 n_prev->m_next = n->m_next;
1846 n = m_free(n);
1847 } else {
1848 n_prev = n;
1849 n = n->m_next;
1850 }
1851 }
1852
1853 /* Prepend it to the head. */
1854 m->m_next = control;
1855
1856 return (m);
1857 }
1858
1859 static struct unpcb *
1860 fptounp(struct file *fp)
1861 {
1862 struct socket *so;
1863
1864 if (fp->f_type != DTYPE_SOCKET)
1865 return (NULL);
1866 if ((so = fp->f_data) == NULL)
1867 return (NULL);
1868 if (so->so_proto->pr_domain != &localdomain)
1869 return (NULL);
1870 return sotounpcb(so);
1871 }
1872
1873 static void
1874 unp_discard(struct file *fp)
1875 {
1876
1877 unp_externalize_fp(fp);
1878 (void) closef(fp, (struct thread *)NULL);
1879 }
1880
1881 static void
1882 unp_internalize_fp(struct file *fp)
1883 {
1884 struct unpcb *unp;
1885
1886 UNP_GLOBAL_WLOCK();
1887 if ((unp = fptounp(fp)) != NULL) {
1888 unp->unp_file = fp;
1889 unp->unp_msgcount++;
1890 }
1891 fhold(fp);
1892 unp_rights++;
1893 UNP_GLOBAL_WUNLOCK();
1894 }
1895
1896 static void
1897 unp_externalize_fp(struct file *fp)
1898 {
1899 struct unpcb *unp;
1900
1901 UNP_GLOBAL_WLOCK();
1902 if ((unp = fptounp(fp)) != NULL)
1903 unp->unp_msgcount--;
1904 unp_rights--;
1905 UNP_GLOBAL_WUNLOCK();
1906 }
1907
1908 /*
1909 * unp_defer indicates whether additional work has been defered for a future
1910 * pass through unp_gc(). It is thread local and does not require explicit
1911 * synchronization.
1912 */
1913 static int unp_marked;
1914 static int unp_unreachable;
1915
1916 static void
1917 unp_accessable(struct file *fp)
1918 {
1919 struct unpcb *unp;
1920
1921 if ((unp = fptounp(fp)) == NULL)
1922 return;
1923 if (unp->unp_gcflag & UNPGC_REF)
1924 return;
1925 unp->unp_gcflag &= ~UNPGC_DEAD;
1926 unp->unp_gcflag |= UNPGC_REF;
1927 unp_marked++;
1928 }
1929
1930 static void
1931 unp_gc_process(struct unpcb *unp)
1932 {
1933 struct socket *soa;
1934 struct socket *so;
1935 struct file *fp;
1936
1937 /* Already processed. */
1938 if (unp->unp_gcflag & UNPGC_SCANNED)
1939 return;
1940 fp = unp->unp_file;
1941 /*
1942 * Check for a socket potentially in a cycle. It must be in a
1943 * queue as indicated by msgcount, and this must equal the file
1944 * reference count. Note that when msgcount is 0 the file is NULL.
1945 */
1946 if ((unp->unp_gcflag & UNPGC_REF) == 0 && fp &&
1947 unp->unp_msgcount != 0 && fp->f_count == unp->unp_msgcount) {
1948 unp->unp_gcflag |= UNPGC_DEAD;
1949 unp_unreachable++;
1950 return;
1951 }
1952 /*
1953 * Mark all sockets we reference with RIGHTS.
1954 */
1955 so = unp->unp_socket;
1956 SOCKBUF_LOCK(&so->so_rcv);
1957 unp_scan(so->so_rcv.sb_mb, unp_accessable);
1958 SOCKBUF_UNLOCK(&so->so_rcv);
1959 /*
1960 * Mark all sockets in our accept queue.
1961 */
1962 ACCEPT_LOCK();
1963 TAILQ_FOREACH(soa, &so->so_comp, so_list) {
1964 SOCKBUF_LOCK(&soa->so_rcv);
1965 unp_scan(soa->so_rcv.sb_mb, unp_accessable);
1966 SOCKBUF_UNLOCK(&soa->so_rcv);
1967 }
1968 ACCEPT_UNLOCK();
1969 unp->unp_gcflag |= UNPGC_SCANNED;
1970 }
1971
1972 static int unp_recycled;
1973 SYSCTL_INT(_net_local, OID_AUTO, recycled, CTLFLAG_RD, &unp_recycled, 0,
1974 "Number of unreachable sockets claimed by the garbage collector.");
1975
1976 static int unp_taskcount;
1977 SYSCTL_INT(_net_local, OID_AUTO, taskcount, CTLFLAG_RD, &unp_taskcount, 0,
1978 "Number of times the garbage collector has run.");
1979
1980 static void
1981 unp_gc(__unused void *arg, int pending)
1982 {
1983 struct unp_head *heads[] = { &unp_dhead, &unp_shead, NULL };
1984 struct unp_head **head;
1985 struct file **unref;
1986 struct unpcb *unp;
1987 int i;
1988
1989 unp_taskcount++;
1990 UNP_GLOBAL_RLOCK();
1991 /*
1992 * First clear all gc flags from previous runs.
1993 */
1994 for (head = heads; *head != NULL; head++)
1995 LIST_FOREACH(unp, *head, unp_link)
1996 unp->unp_gcflag = 0;
1997 /*
1998 * Scan marking all reachable sockets with UNPGC_REF. Once a socket
1999 * is reachable all of the sockets it references are reachable.
2000 * Stop the scan once we do a complete loop without discovering
2001 * a new reachable socket.
2002 */
2003 do {
2004 unp_unreachable = 0;
2005 unp_marked = 0;
2006 for (head = heads; *head != NULL; head++)
2007 LIST_FOREACH(unp, *head, unp_link)
2008 unp_gc_process(unp);
2009 } while (unp_marked);
2010 UNP_GLOBAL_RUNLOCK();
2011 if (unp_unreachable == 0)
2012 return;
2013 /*
2014 * Allocate space for a local list of dead unpcbs.
2015 */
2016 unref = malloc(unp_unreachable * sizeof(struct file *),
2017 M_TEMP, M_WAITOK);
2018 /*
2019 * Iterate looking for sockets which have been specifically marked
2020 * as as unreachable and store them locally.
2021 */
2022 UNP_GLOBAL_RLOCK();
2023 for (i = 0, head = heads; *head != NULL; head++)
2024 LIST_FOREACH(unp, *head, unp_link)
2025 if (unp->unp_gcflag & UNPGC_DEAD) {
2026 unref[i++] = unp->unp_file;
2027 fhold(unp->unp_file);
2028 KASSERT(unp->unp_file != NULL,
2029 ("unp_gc: Invalid unpcb."));
2030 KASSERT(i <= unp_unreachable,
2031 ("unp_gc: incorrect unreachable count."));
2032 }
2033 UNP_GLOBAL_RUNLOCK();
2034 /*
2035 * Now flush all sockets, free'ing rights. This will free the
2036 * struct files associated with these sockets but leave each socket
2037 * with one remaining ref.
2038 */
2039 for (i = 0; i < unp_unreachable; i++)
2040 sorflush(unref[i]->f_data);
2041 /*
2042 * And finally release the sockets so they can be reclaimed.
2043 */
2044 for (i = 0; i < unp_unreachable; i++)
2045 fdrop(unref[i], NULL);
2046 unp_recycled += unp_unreachable;
2047 free(unref, M_TEMP);
2048 }
2049
2050 void
2051 unp_dispose(struct mbuf *m)
2052 {
2053
2054 if (m)
2055 unp_scan(m, unp_discard);
2056 }
2057
2058 static void
2059 unp_scan(struct mbuf *m0, void (*op)(struct file *))
2060 {
2061 struct mbuf *m;
2062 struct file **rp;
2063 struct cmsghdr *cm;
2064 void *data;
2065 int i;
2066 socklen_t clen, datalen;
2067 int qfds;
2068
2069 while (m0 != NULL) {
2070 for (m = m0; m; m = m->m_next) {
2071 if (m->m_type != MT_CONTROL)
2072 continue;
2073
2074 cm = mtod(m, struct cmsghdr *);
2075 clen = m->m_len;
2076
2077 while (cm != NULL) {
2078 if (sizeof(*cm) > clen || cm->cmsg_len > clen)
2079 break;
2080
2081 data = CMSG_DATA(cm);
2082 datalen = (caddr_t)cm + cm->cmsg_len
2083 - (caddr_t)data;
2084
2085 if (cm->cmsg_level == SOL_SOCKET &&
2086 cm->cmsg_type == SCM_RIGHTS) {
2087 qfds = datalen / sizeof (struct file *);
2088 rp = data;
2089 for (i = 0; i < qfds; i++)
2090 (*op)(*rp++);
2091 }
2092
2093 if (CMSG_SPACE(datalen) < clen) {
2094 clen -= CMSG_SPACE(datalen);
2095 cm = (struct cmsghdr *)
2096 ((caddr_t)cm + CMSG_SPACE(datalen));
2097 } else {
2098 clen = 0;
2099 cm = NULL;
2100 }
2101 }
2102 }
2103 m0 = m0->m_act;
2104 }
2105 }
2106
2107 #ifdef DDB
2108 static void
2109 db_print_indent(int indent)
2110 {
2111 int i;
2112
2113 for (i = 0; i < indent; i++)
2114 db_printf(" ");
2115 }
2116
2117 static void
2118 db_print_unpflags(int unp_flags)
2119 {
2120 int comma;
2121
2122 comma = 0;
2123 if (unp_flags & UNP_HAVEPC) {
2124 db_printf("%sUNP_HAVEPC", comma ? ", " : "");
2125 comma = 1;
2126 }
2127 if (unp_flags & UNP_HAVEPCCACHED) {
2128 db_printf("%sUNP_HAVEPCCACHED", comma ? ", " : "");
2129 comma = 1;
2130 }
2131 if (unp_flags & UNP_WANTCRED) {
2132 db_printf("%sUNP_WANTCRED", comma ? ", " : "");
2133 comma = 1;
2134 }
2135 if (unp_flags & UNP_CONNWAIT) {
2136 db_printf("%sUNP_CONNWAIT", comma ? ", " : "");
2137 comma = 1;
2138 }
2139 if (unp_flags & UNP_CONNECTING) {
2140 db_printf("%sUNP_CONNECTING", comma ? ", " : "");
2141 comma = 1;
2142 }
2143 if (unp_flags & UNP_BINDING) {
2144 db_printf("%sUNP_BINDING", comma ? ", " : "");
2145 comma = 1;
2146 }
2147 }
2148
2149 static void
2150 db_print_xucred(int indent, struct xucred *xu)
2151 {
2152 int comma, i;
2153
2154 db_print_indent(indent);
2155 db_printf("cr_version: %u cr_uid: %u cr_ngroups: %d\n",
2156 xu->cr_version, xu->cr_uid, xu->cr_ngroups);
2157 db_print_indent(indent);
2158 db_printf("cr_groups: ");
2159 comma = 0;
2160 for (i = 0; i < xu->cr_ngroups; i++) {
2161 db_printf("%s%u", comma ? ", " : "", xu->cr_groups[i]);
2162 comma = 1;
2163 }
2164 db_printf("\n");
2165 }
2166
2167 static void
2168 db_print_unprefs(int indent, struct unp_head *uh)
2169 {
2170 struct unpcb *unp;
2171 int counter;
2172
2173 counter = 0;
2174 LIST_FOREACH(unp, uh, unp_reflink) {
2175 if (counter % 4 == 0)
2176 db_print_indent(indent);
2177 db_printf("%p ", unp);
2178 if (counter % 4 == 3)
2179 db_printf("\n");
2180 counter++;
2181 }
2182 if (counter != 0 && counter % 4 != 0)
2183 db_printf("\n");
2184 }
2185
2186 DB_SHOW_COMMAND(unpcb, db_show_unpcb)
2187 {
2188 struct unpcb *unp;
2189
2190 if (!have_addr) {
2191 db_printf("usage: show unpcb <addr>\n");
2192 return;
2193 }
2194 unp = (struct unpcb *)addr;
2195
2196 db_printf("unp_socket: %p unp_vnode: %p\n", unp->unp_socket,
2197 unp->unp_vnode);
2198
2199 db_printf("unp_ino: %d unp_conn: %p\n", unp->unp_ino,
2200 unp->unp_conn);
2201
2202 db_printf("unp_refs:\n");
2203 db_print_unprefs(2, &unp->unp_refs);
2204
2205 /* XXXRW: Would be nice to print the full address, if any. */
2206 db_printf("unp_addr: %p\n", unp->unp_addr);
2207
2208 db_printf("unp_cc: %d unp_mbcnt: %d unp_gencnt: %llu\n",
2209 unp->unp_cc, unp->unp_mbcnt,
2210 (unsigned long long)unp->unp_gencnt);
2211
2212 db_printf("unp_flags: %x (", unp->unp_flags);
2213 db_print_unpflags(unp->unp_flags);
2214 db_printf(")\n");
2215
2216 db_printf("unp_peercred:\n");
2217 db_print_xucred(2, &unp->unp_peercred);
2218
2219 db_printf("unp_refcount: %u\n", unp->unp_refcount);
2220 }
2221 #endif
FreeBSD kvm: FreeBSD sources